Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] Linux/Slapper.worm
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Wed, 18 Sep 2002 17:59:46 +0200 (MEST)
  • Message-id: <Pine.LNX.4.44.0209181755160.5951-100000@xxxxxxxxxxxx>
> [...]
>
> For the record, I have manually updated about three dozen *nix boxes'
> openssl/Apache now, and it's definitely no problem to switch from an
> older openssl to 0.9.6e or g. The only cricital thing is to choose the
> correct SSL patch ("FixPatch") for the corresponding Apache and openssl
> versions.
>
> Needless to say that I ran numerous tests to ensure that the new
> versions work as expected.

We have run these tests at our consumer's systems a long while ago when we
tried this one time. We have learned, it causes severe pain and we will
not do this again.

Trust me. According to the book, it should work, but it doesn't.
There are a few hundred packages that depend on openssl. You will
have to test them all from a new, or recompile. All of them.

> Of course it's definitely more convenient/safe to do these updates via
> RPM/You, I don't want to encourage anyone to wreck their systems.

Please don't. :-|

> > Peter
>
> Boris


Roman.


< Previous Next >
Follow Ups
References